Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - Avast SafeZone Browser Lets Attackers Access Your Filesystem (softpedia.com)

An anonymous reader writes: Just two days after Comodo's Chromodo browser was publicly shamed by Google Project Zero security researcher Tavis Ormandy, it's now Avast's turn to be publicly scorned for failing to provide a "secure" browser for its users.

Called SafeZone, and also known as Avastium, Avast's custom browser is offered as a bundled download for all who purchase or upgrade to a paid version of Avast Antivirus 2016. This poor excuse of a browser was allowing attackers to access files on the user's filesystem just by clicking on malicious links. The browser wouldn't even have to be opened, and the malicious link could be clicked in "any" browser.

Submission + - How do I get Microsoft to get up off their asses & look at a Windows 10 prob (live.com) 4

mykepredko writes: My product communicates with a host system via Bluetooth (using the Serial Port Profile) and each time a device is connected to a PC a couple of serial ports are allocated. Windows has always had a problem with not automatically disposing of the allocated ports when the connection is removed, but until Windows 10, there were processes for deleting them. This isn't possible for Windows 10 (which apparently has new Serial/Com port and/or Bluetooth drivers) — but individuals, who are apparently working for Microsoft, periodically reply with useless suggestions or attempt to promote questions and ideas as solutions to the problem: http://answers.microsoft.com/e... I suspect that this is an issue for all Windows 10 users (although I guess few people are plugging/unplugging devices) — so how do we get Microsoft to take notice (and not have to pay for them to fix their bug)?

Submission + - Belgium's ageing nuclear plants worry neighbours (phys.org)

mdsolar writes: As the two cooling towers at Belgium's Doel nuclear power belch thick white steam into a wintry sky, people over the border in the Dutch town of Nieuw-Namen are on edge.

They are part of a groundswell of concern in the Netherlands, Germany and Luxembourg over the safety of Belgium's seven ageing reactors at Doel and at Tihange, further to the south and east.

"I'm happy Holland, Germany and Luxembourg are reacting because they (officials) don't listen to you and me," butcher Filip van Vlierberge told AFP at his shop in Nieuw-Namen, where people can see the Doel plant.

Benedicte, one of his customers, nodded in agreement.

Van Vlierberge said he was particularly uneasy with the Belgian government's decision in December to extend the lives of 40-year-old reactors Doel 1 and Doel 2 until 2025 under a deal to preserve jobs and invest in the transition to cleaner energy.

Comment get rid of the stupid assists (Score 1) 165

BMWs that slam into park when in reverse and the door is ajar, damaged or missing...yeah, nice feature when one is attempting to back the vehicle in or out of a repair stall (took me awhile to figure out I needed to fasten the seat belt for such low speed maneuvering

Cars that move the damn outside mirrors down when shifted into reverse...WTF

Who the fuck thought putting a tiny rear camera screen in the rear view mirror was a good idea?

 

Submission + - Why some people think total nonsense is really deep (washingtonpost.com)

Earthquake Retrofit writes: Wapo has a story about Gordon Pennycook, a doctorate student at the University of Waterloo who studies why some people are more easily duped than others.

"Wholeness quiets infinite phenomena" was one of many randomly generated sentences Pennycook, along with a team of researchers at the University of Waterloo, used in a new four-part study put together to gauge how receptive people are to nonsense.

Those more receptive to bull**** are less reflective, lower in cognitive ability (i.e., verbal and fluid intelligence, numeracy), are more prone to ontological confusions [beliefs in things for which there is no empirical evidence (i.e. that prayers have the ability to heal)] and conspiratorial ideation, are more likely to hold religious and paranormal beliefs, and are more likely to endorse complementary and alternative medicine.

Submission + - Google to No Longer Support 32-bit Linux for Google Chrome

prisoninmate writes: Google announces that its Google Chrome web browser will no longer be available for 32-bit hardware platforms. Additionally, Google Chrome will no longer be supported on the Ubuntu 12.04 LTS (Precise Pangolin) and Debian GNU/Linux 7 (Wheezy) operating systems. Users are urged to update to the Ubuntu 14.04 LTS (Trusty Tahr) release and Debian GNU/Linux 8 (Jessie) respectively. Google will continue to support the 32-bit build configurations for those who want to build the open-source Chromium web browser on various Linux kernel-based operating systems.

Submission + - Vulnerability Reveals Real IP Addresses of VPN Users (thehackernews.com)

An anonymous reader writes: The vulnerability depends mostly on the port-forwarding feature offered by many VPN providers and, therefore, potentially affects all VPN protocols and operating systems.

The attacker and the victim must be using the same exit IP address. Furthermore, the address the client uses to connect to the VPN must be the same as the exit address, arguably a very poor practice to begin with, but adopted by many popular VPN services.

The vulnerability was announced by the Perfect Privacy VPN Provider.

The hackernews.com article mentions BitTorrent, probably because VPNs are popular among users of the protocol, but the vulnerability doesn't have anything to do with it (that is, BitTorrent is affected just as much as any other protocol).

Submission + - Will you be able to run a modern desktop environment in 2016 without systemd?

yeupou writes: Early this year, David Edmundson from KDE, concluded that "In many cases [systemd] allows us to throw away large amounts of code whilst at the same time providing a better user experience. Adding it [systemd] as an optional extra defeats the main benefit". A perfectly sensible explanation. But, then, one might wonder to which point KDE would remain usable without systemd?

Recently, on one Devuan box, I noticed that KDE power management (Powerdevil) no longer supported suspend and hibernate. Since pm-utils was still there, for a while, I resorted to call pm-suspend directly, hoping it would get fixed at some point. But it did not. So I wrote a report myself. I was not expecting much. But neither was I expecting it to be immediately marked as RESOLVED and DOWNSTREAM, with a comment accusing the "Debian fork" I'm using to "ripe out" systemd without "coming with any of the supported solutions Plasma provides". I searched beforehand about the issue so I knew that the problem also occurred on some other Debian-based systems and that the bug seemed entirely tied to upower, an upstream software used by Powerdevil. So if anything, at least this bug should have been marked as UPSTREAM.

While no one dares (yet) to claim to write software only for systemd based operating system, it is obvious that it is now getting quite hard to get support otherwise. At the same time, bricks that worked for years without now just get ruined, since, as pointed out by Edmunson, adding systemd as "optional extra defeats its main benefit". So, is it likely that we'll still have in 2016 a modern desktop environment, without recent regressions, running without systemd?

Submission + - The Three Letter Cure for Web Accessibility and Discrimination Problems (vortex.com)

Lauren Weinstein writes: If stable, supported user interface API access were available for services like Google+ — and the many other firms' systems around the Net that currently put users at an accessibility disadvantage — it would be possible for third parties (commercial, nonprofit, individuals, etc.) to write their own customized interfaces for these services to meet specific accessibility needs.

Visually enhanced high contrast interfaces? An interface much easier for someone with limited motor skill acuity? There are a vast range of possibilities for customized interfaces to help an enormous number of users, all of which could operate via the same essential kinds of API mechanisms.

Without APIs, such customized interfaces are usually impractical. Attempts to create customization based on "screen scraping" and techniques like page display CSS modifications are subject to potentially breaking at any time, whenever the underlying format or structure of displayed pages are altered.

You must have stable user interface APIs to make this work.

Comment Re:Fork (Score 2) 352

I've certainly had enough of XCF being the default saving format when 95% of the time I'm just doing a quick edit on a image.

overwrite the image or export if you don't want to save as an .xcf...

Comment Re:Netflix Should Quit Making Shows (Score 1) 169

The shows Netflix makes are of little value. I use the service to get quick, legal access to the umpteen series other people have made.

Arrested Development, Lillhammer and The Trailer Park Boys

I dunno how much involvement Netflix has or had in these shows being resurrected or allowed to continue...but they seem to claim some responsibility.

Submission + - SPAM: Overview of 100G Client-Side Transceivers

jojoco writes: Demand for 40G and 100G transport links is growing quickly in recent years. Cloud computing, mobile broadband and IPTV are all driving user bandwidth. 40G links have been deployed for several years. Now, 40G transceivers are ubiquitous in modern data center. In recent two years, the optical industry buzz is all about “beyond 100G” bit rates. And the market for 100G data center optics is accelerating. At present, there have been several types of 100G transceivers launched to the market including CXP, CFP, CFP2, CFP4, QSFP28.
Link to Original Source

Slashdot Top Deals

Life would be so much easier if we could just look at the source code. -- Dave Olson

Working...